Generate a detailed permission trace for any Nexus user

Overview

Nexus 2.7+ provides a REST resource that can be used to identify all the permissions granted to a Nexus user.

The information exposed by a permission trace applies when a user receives an Authorization failure 403 response from Nexus. It does not apply to an Authentication failure 401 response, because a 401 indicates that the credentials could not be authenticated by any active Security Realm, so authorization has not even started yet.

The information in a permission trace is similar to what is exposed in the Security -> Users -> Privilege Trace tab in the Users UI, with the added feature of exposing the permission String used when determining access to resources at runtime.

Used together with logging messages which describe what permissions are required to access a particular resource, an Administrator can gain a better understanding of how to adjust user permissions to control access to Nexus resources.

Trace Example

Suppose a user with the username jane has requests failing with a 403 response. You are the Nexus Administrator, using your default credentials with the username admin.